Redmond patches IE zero-day on this month’s Patch Tuesday

Jul 15, 2015 05:53 GMT  ·  By

Microsoft has rolled out 14 security updates as part of this month’s Patch Tuesday cycle to fix flaws in Windows, Office, and Internet Explorer, but as far as the last of these is concerned, there’s one critical patch that should be installed as soon as possible.

The software giant has patched a critical zero-day flaw found in the Hacking Team data leak that occurred not long ago, and what’s more impressive is that the company needed only a couple of weeks to develop a fix and release it to users.

This could be sign that the bug was critical to users, but also that Microsoft is reacting much faster these days, when such zero-days are found.

Internet Explorer 11 is the only version affected

Security company Trend Micro found a proof-of-concept for this security flaw, but they say that no known attacks have been logged, so for the moment, it turns out that users are on the safe side even if they haven’t patched their computers yet.

Only Internet Explorer 11 is affected, they say, which means that users running this particular browser on Windows 7 and Windows 8.1 are at risk. A successful exploit would crash the browser and allow any code on the vulnerable system, but this depends on the OS version that’s powering your computer.

Trend Micro explains:

“Simply put, if an attacker successfully exploits the vulnerability, he can basically run any code on the system. The extent of the attacker’s advances, though, is dependent on the OS version. On Windows 7, the IE11 tab process has the same privilege as the IE11 frame process. The shellcode will be run with the same privileges as the logged in user. On Windows 8.1 and later, the privilege of IE11 tab process is low by default. A successful attack would require a separate privilege escalation vulnerability.”

This critical security patch is part of MS15-065, so if you’re looking at today’s security updates and don’t know which one to install first, make sure you prioritize this one.